Just trying to clarify what a DoS (Denial of Service) attack is.  A DoS attack 
is a flood of malicious TCP packets, such as SYN or ACK floods, usually with a 
spoofed (fake) IP address. When the router tries to reply, it eventually times 
out, but many more have come in in the meantime.  It is a means of 
eating up all of the resources within a router, rendering it basically useless.  
[It is very difficult to stop due to the fact the packets are intended for the 
router, not requiring to be passed.][I think]  

I think this is what you are talking about. If not, please feel free to correct 
me. >Ryan

   
   "Even a stopped clock is right twice a day."


-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 06, 2006 3:47 PM
To: [email protected]
Subject: Re: [pfSense Support] denial of service attack


Jeremy Rempel wrote:
> We were getting thousands of requests per second from various hosts 
> for files that didn't exist on the apache webserver.  I will try 
> setting up the synproxy and see if that helps.  Can someone point me 
> to info on setting up synproxy?

If it's legit HTTP requests, your firewall can't further differentiate 
between the "good" and the "bad".  It isn't at all aware of your web 
server, other than it knows to let TCP 80 to it.  You could (I believe, 
no pfS GUI handy ATM and I don't recall 100% for sure) limit the number 
of states per source IP in your firewall rules, if you're getting 
thousands from a single host.  If it's just a few requests from many 
thousands of hosts, you're out of luck there.  For an attack like this, 
you really need either something on the web server itself, or a reverse 
proxy between your firewall and web server. 
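The distinction Chris draws above (thousands of requests from one host, where a per-source state limit in the firewall rule helps, versus a few requests each from thousands of hosts, where only the web server or a reverse proxy can act) is something you can check directly from the Apache access log before touching firewall rules. The script below is an added example and is not code from the thread or from pfSense; the log lines are constructed for illustration, and the threshold parameters (per_source_limit, total_limit) and verdict strings are names chosen here, not anything pfSense or Apache define. It counts 404 responses per source IP per second, since the quoted report says the requests were for files that didn't exist.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format. They are made-up
# data for this example, not a capture from the server discussed in the thread.
SAMPLE_LOG = """\
203.0.113.10 - - [06/Jul/2006:15:40:01 -0400] "GET /nope-1 HTTP/1.1" 404 512 "-" "-"
203.0.113.10 - - [06/Jul/2006:15:40:01 -0400] "GET /nope-2 HTTP/1.1" 404 512 "-" "-"
203.0.113.10 - - [06/Jul/2006:15:40:01 -0400] "GET /nope-3 HTTP/1.1" 404 512 "-" "-"
203.0.113.10 - - [06/Jul/2006:15:40:02 -0400] "GET /nope-4 HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [06/Jul/2006:15:40:01 -0400] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.8 - - [06/Jul/2006:15:40:02 -0400] "GET /missing HTTP/1.1" 404 512 "-" "-"
198.51.100.9 - - [06/Jul/2006:15:40:02 -0400] "GET /missing HTTP/1.1" 404 512 "-" "-"
198.51.100.10 - - [06/Jul/2006:15:40:02 -0400] "GET /missing HTTP/1.1" 404 512 "-" "-"
this line is not a valid log entry and is skipped
"""

# Combined log format: client, identd, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)


def parse_log(text):
    """Parse combined-format lines into dicts; malformed lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        entries.append({
            "ip": m.group("ip"),
            "second": m.group("ts"),  # Apache timestamps have one-second resolution
            "request": m.group("req"),
            "status": int(m.group("status")),
        })
    return entries


def peak_404_rate_per_source(entries):
    """Highest number of 404 responses in any single second, keyed by source IP."""
    per_second = Counter()
    for e in entries:
        if e["status"] == 404:
            per_second[(e["ip"], e["second"])] += 1
    peak = defaultdict(int)
    for (ip, _), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)


def triage(entries, per_source_limit, total_limit):
    """
    Decide which of the two mitigations from the thread applies.

    per_source_limit: 404s/second from one IP above which a per-source
                      state or connection limit in the firewall rule would bite
                      (hypothetical threshold, tune to your traffic).
    total_limit:      404s/second across all IPs above which the traffic is a
                      problem even when no single IP trips per_source_limit.
    Returns (verdict, offending_ips).
    """
    peaks = peak_404_rate_per_source(entries)
    offenders = sorted(ip for ip, n in peaks.items() if n >= per_source_limit)
    if offenders:
        return "firewall-per-source-limit", offenders

    total_per_second = Counter(e["second"] for e in entries if e["status"] == 404)
    if total_per_second and max(total_per_second.values()) >= total_limit:
        # Many hosts, few requests each: the firewall cannot tell them apart,
        # so mitigation belongs on the web server or a reverse proxy.
        return "webserver-or-reverse-proxy", []
    return "no-action", []


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(peak_404_rate_per_source(parsed))
    print(triage(parsed, per_source_limit=3, total_limit=3))
```

With the constructed sample, 203.0.113.10 peaks at three 404s in one second, so a per-source limit of 3 flags it; raise that limit to 10 and no single host stands out, but the aggregate still exceeds a total limit of 3, which is the distributed case where Chris says the firewall alone is out of luck. On a real log the thresholds need to reflect normal traffic, and bursts from a NAT gateway or a proxy shared by many legitimate users will look like a single source.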



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
